Junior Offensive Security Consultant

Work Nest is part of the GRC (Governance, Risk and Compliance) division owned by Inflexion. We are a powerhouse of employment law, HR, health & safety, ISO and cybersecurity support services, combining pragmatic advice with powerful technology platforms.

Work Nest Secure is rapidly expanding, helping organisations strengthen their security posture through world‑class expertise. To support this growth, we are seeking Junior Offensive Security Consultants to join our 12‑month graduate academy.

Through a variety of learning methods such as workshops, observations, practice labs, paired work, live testing, mentoring, and coaching, you will quickly build a strong mix of technical and soft skills.

You will receive structured support from our Academy Manager and consultant team, enabling you to progress in a supportive and friendly environment with a strong focus on developing junior consultants.

We provide a broad range of assessment services, including web applications and infrastructure, giving Junior Off Sec Consultants the opportunity to build expertise across these areas.

As a Junior Off Sec Consultant you will perform formal and comprehensive penetration testing assessments, including producing full written reports to appropriate standards and within agreed deadlines. In addition, you will support client pre‑engagement activities, as well as research application and infrastructure vulnerabilities, following responsible disclosure, and sharing such findings within the team.

• Perform formal and comprehensive application, infrastructure and other penetration testing assessments where appropriate and required.
• Provide well‑written, concise, technical and non‑technical reports in English.
• Maintain excellent communication standards during your engagements & ensuring debriefs are offered following the process.
• Maintain good communication standards with your Off Sec Team lead & Academy Manager.
• Perform vulnerability assessments and provide findings with remediation actions.
• Support with various client pre‑engagement interactions where appropriate and applicable.
• Manage and deliver applicable project activities to deadlines.
• Research application and infrastructure components within the wider team to identify new vulnerabilities and follow responsible disclosure.
• Any other appropriate job duties in line with the associated skill and experience of the post holder.
• Work towards achieving industry certifications and developing new Penetration testing skillsets via research and shadowing.

• Good knowledge of application and infrastructure penetration testing.
• Strong understanding of OWASP, PTES and other penetration testing methodologies.
• Knowledge of how modern web apps are designed, developed and deployed across different platforms.
• Ability to program or script in your preferred language.
• (Nice to have) Relevant security qualifications (such as OSCP, CREST CRT, TIGER).
• Good knowledge and understanding of network and OS principles.
• Good knowledge of various operating systems.
• Good knowledge of virtualisation.
• A degree in Cybersecurity or related courses.

• Excellent spoken and written English communication skills with strong attention‑to‑detail and accuracy.
• A customer centric mindset & approach – Willing to go above and beyond when engaging with our customers.
• A passion for security and networks.
• Analytical and problem‑solving skills with a can‑do attitude and the ability to think laterally and creatively.
• Self‑motivation with a commitment to continued development.
• Ability to work independently and as part of a team.
• Influencing and negotiation skills with the ability to build relationships at all levels.
• Willingness to learn.

In addition to the responsibilities listed above, the job holder may be required to perform other duties as assigned from time to time by their manager or a senior leader.